GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,051
Erlang: 29
GitHub Actions: 19
Go: 1,878
Maven: 5,000+
npm: 3,602
NuGet: 638
pip: 3,203
Pub: 10
RubyGems: 852
Rust: 814
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
19,932 advisories
libsbmlsim downloads Resources over HTTP
High | CVE-2016-10675 was published for libsbmlsim (npm) | Feb 18, 2019
OS Command Injection in Locutus
Critical | CVE-2020-13619 was published for locutus (npm) | Jul 26, 2021
Arbitrary File Read in phantom-html-to-pdf
High | CVE-2020-7763 was published for phantom-html-to-pdf (npm) | Nov 6, 2020
Path Traversal in node-red-contrib-huemagic
High | CVE-2021-25864 was published for node-red-contrib-huemagic (npm) | Apr 13, 2021
Directory Traversal in intsol-package
High | CVE-2017-16178 was published for intsol-package (npm) | Jul 23, 2018
libsbml downloads Resources over HTTP
High | CVE-2016-10668 was published for libsbml (npm) | Feb 18, 2019
Insecure Defaults Allow MITM Over TLS in engine.io-client
Moderate | CVE-2016-10536 was published for engine.io-client (npm) | Feb 18, 2019
Directory Traversal in utahcityfinder
High | CVE-2017-16173 was published for utahcityfinder (npm) | Jul 23, 2018
Marked vulnerable to XSS from data URIs
Moderate | CVE-2017-1000427 was published for marked (npm) | Jan 4, 2018
Phoenix Arbitrary URL Redirect
Moderate | CVE-2017-1000163 was published for phoenix (Erlang) | Apr 12, 2022
Helm vulnerable to denial of service through repository index file
Moderate | CVE-2022-23525 was published for helm.sh/helm/v3 (Go) | Dec 14, 2022
ADOdb Library SQL Injection
Critical | CVE-2016-7405 was published for adodb/adodb-php (Composer) | May 17, 2022
Directory Traversal in serverliujiayi1
High | CVE-2017-16095 was published for serverliujiayi1 (npm) | Sep 1, 2020
Command Execution in windows-cpu
Critical | CVE-2017-1000219 was published for windows-cpu (npm) | Sep 1, 2020
Regular Expression Denial of Service in content
High | CVE-2017-16111 was published for content (npm) | Jul 24, 2018
Cross-site Scripting in remarkable
Moderate | CVE-2019-12043 was published for remarkable (npm) | May 29, 2019
Regular Expression Denial of Service in postcss
Moderate | CVE-2021-23382 was published for postcss (npm) | Jan 7, 2022
ProTip! Advisories are also available from the GraphQL API